1. Introduction
HidayahMY ("the App") is a free Islamic companion app built for the Malaysian Muslim community. This Privacy Policy explains what data the App collects, how it is used, and how we protect your information. By using HidayahMY, you agree to the practices described in this policy.
2. Data We Collect
2.1 Account Information (Optional)
You may choose to create an account using one of the following methods:
- Email & Password: We store your email address and a securely hashed password.
- Google Sign-In: We receive your name, email, and profile photo from Google.
- Apple Sign-In: We receive your name and email (or a private relay address) from Apple.
Account creation is optional. You can use the App as a guest without providing any personal information. Creating an account enables cloud sync for bookmarks, notes, prayer check-in history, and profile photo.
2.2 Location Data
The App uses your device's location (GPS) for the following purposes:
- Prayer Times: Your coordinates are sent to api.waktusolat.app to detect your JAKIM prayer zone automatically. Only the derived zone code is saved locally — your raw coordinates are not stored permanently.
- Qiblah Direction: Your current position is used to calculate the bearing towards the Kaabah in Makkah.
- Weather: Your coordinates are sent to Open-Meteo (open-meteo.com) to display local weather on the dashboard. This is cached for 30 minutes.
- Nearby Mosques: Your location is used to find masjid and surau near you.
2.3 Downloaded Content
The App allows you to download content from our servers for offline use:
- Background Images: Decorative backgrounds for the dashboard and prayer screens. Downloaded images are stored locally on your device.
- Azan Sounds: Custom azan audio files for prayer notifications. Downloaded sounds are stored locally and may be installed to your device's system sound directory for background notification playback.
These downloads do not require an account and no personal data is collected during the download process.
2.4 Camera Access
The App accesses your device camera only for the Qiblah 3D/AR mode and profile photo capture. No photos or videos are captured or transmitted without your explicit action.
2.5 Analytics Data
We use Firebase Analytics (by Google) to understand how the App is used. This includes anonymous data such as:
- Which screens and features are viewed
- Quran surahs opened and audio played
- Prayer checklist interactions
- Search queries within the App
- Settings changes
This data is anonymous and cannot be used to identify you personally.
2.6 Crash Reports
We use Firebase Crashlytics (by Google) to automatically collect crash logs and error reports. This helps us fix bugs and improve the App. Crash reports may include device metadata (model, OS version) and stack traces, but no personal data.
2.7 Advertising
The App displays banner advertisements via Google AdMob. Google may use your device's advertising identifier and cookies to serve personalised or non-personalised ads. You can control ad personalisation through your device settings.
3. Cloud Data (Authenticated Users)
If you create an account, the following data is synced to our secure servers hosted on Supabase (PostgreSQL):
| Data | Purpose |
|---|---|
| Email and profile name | Account identification and display |
| Profile photo | Display in the App (stored in Supabase Storage, max 512x512px) |
| Quran bookmarks & notes | Cloud sync across devices |
| Prayer check-in history & statistics | Track daily solat completion, streaks, and monthly stats across devices |
| FCM device token & platform | Deliver push notifications to your device (iOS/Android identifier stored) |
4. Data Stored Locally
The following data is stored on your device only and is never uploaded to any server (unless you create an account for cloud sync):
| Data | Purpose |
|---|---|
| Prayer checklist history | Track your daily solat performance and streaks |
| Quran bookmarks & reading position | Resume where you left off |
| Notification history | View past prayer and event alerts (auto-cleared after 30 days) |
| App preferences | Language, theme, fonts, JAKIM zone, notification and azan settings |
| Favourite features & shortcuts | Quick access to your preferred features |
| Azkar counter state | Track your dhikr progress |
| Cached weather data | Display weather without repeated network calls (30-minute cache) |
| Cached prayer times | Monthly prayer schedule (refreshed each month) |
| Downloaded background images | Offline display of dashboard and prayer screen backgrounds |
| Downloaded azan sounds | Custom azan audio for prayer notifications (stored in system sounds) |
| Daily quote preferences | Quote selection and notification scheduling |
| Home widget data | Next prayer name, times, zone code, and theme for home screen widget |
5. Third-Party Services
HidayahMY integrates with the following third-party services:
| Service | Provider | Purpose |
|---|---|---|
| HidayahMY API | HidayahMY (api.hidayahmy.com) | Bookmarks, notes, prayer check-in sync, backgrounds, azan sounds, notifications |
| Firebase Analytics | Google | Anonymous usage analytics |
| Firebase Crashlytics | Google | Crash and error reporting |
| Firebase Cloud Messaging | Google | Push notification delivery |
| Google AdMob | Google | Advertisement display |
| Supabase | Supabase Inc. | Authentication, user profile & file storage |
| Waktu Solat API | api.waktusolat.app | JAKIM prayer times & zone detection |
| Open-Meteo | open-meteo.com | Weather data |
| QuranicAudio | quranicaudio.com | Quran audio streaming |
| Google Fonts | Google | Font loading |
Each third-party service has its own privacy policy. We encourage you to review them:
6. Push Notifications
HidayahMY uses two types of notifications:
- Local notifications: Scheduled on your device for prayer time reminders (azan alerts), Islamic calendar events, and daily Islamic quotes. These do not require an internet connection or account. Custom azan sounds may be used if downloaded.
- Push notifications: Delivered via Firebase Cloud Messaging (FCM) for announcements and app updates from HidayahMY. Your device's FCM token and platform (iOS/Android) are stored on our server to enable delivery. The App subscribes to default topics (general, announcement, update, promo). You can disable push notifications at any time from your device settings.
7. Home Screen Widget
HidayahMY offers an optional home screen widget that displays the next prayer time. The widget stores the following data locally on your device:
- Next prayer name and time
- Daily prayer schedule
- JAKIM zone code
- Theme preference
- Hijri date
This data is stored only on your device and is not transmitted to any server.
8. Children's Privacy
HidayahMY includes a "Kids Corner" feature with educational content (Hijaiyyah letters, Kisah Nabi). The App does not knowingly collect any personal data from children. Account creation is not required to use Kids Corner or any other feature.
9. Data Security
- All data stored locally on your device is protected by your device's own security (lock screen, encryption).
- All network requests use HTTPS encryption.
- Cloud data is hosted on Supabase with Row Level Security (RLS) ensuring user data isolation.
- Passwords are securely hashed and never stored in plain text.
- Authentication tokens are managed by Supabase Auth with automatic expiry and refresh.
10. Device Permissions
HidayahMY may request the following device permissions:
| Permission | Purpose | Required |
|---|---|---|
| Location (GPS) | Auto-detect prayer zone, Qiblah direction, weather | Optional — you can set zone manually |
| Camera | Qiblah 3D/AR mode and profile photo capture | Optional |
| Notifications | Prayer time reminders, azan alerts, announcements | Optional |
| Storage (Android 9 and below) | Install custom azan sounds for notification playback | Optional |
| Exact Alarm | Schedule precise prayer time notifications | Optional |
All permissions can be revoked at any time through your device settings. The App will continue to function with reduced features.
11. Your Rights
- Delete local data: You can clear all App data through your device settings or by uninstalling the App.
- Delete your account: You can delete your account and all associated cloud data at any time from the account deletion page or from within the App under Profile > Delete Account.
- Disable location: You can revoke location permission at any time. The App will still work — you can manually select your JAKIM zone.
- Disable notifications: Toggle off notifications in App settings or device settings.
- Ad personalisation: Control personalised ads through your device's advertising settings.
- Analytics opt-out: You can limit analytics collection through your device's privacy settings.
12. Data Retention
- Local data: Retained until you clear App data or uninstall the App.
- Cloud data: Retained as long as your account is active. Deleted upon account deletion request.
- FCM tokens: Automatically cleaned up when tokens become invalid or upon logout.
- Notification history: Auto-cleared after 30 days.
- Weather cache: Refreshed every 30 minutes.
- Prayer times cache: Refreshed monthly.
- Downloaded content: Background images and azan sounds are retained until manually deleted or the App is uninstalled.
- Analytics & crash data: Retained according to Google Firebase's data retention policies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. We encourage you to review this page periodically.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or HidayahMY's data practices, please contact us:
Email: admin@hidayahmy.com